Check Point Advisories

Preemptive Protection against Adobe Products PNG Buffer Overflow Vulnerability

Check Point Reference: CPAI-2007-056
Date Published: 8 May 2007
Severity: High
Last Updated: Monday 01 January, 2007
Source: Secunia Advisory: SA25044
Industry Reference:CVE-2007-2365
Protection Provided by:
Who is Vulnerable? Adobe Systems Adobe Photoshop CS 2
Adobe Systems Adobe Photoshop CS 3
Adobe Systems Adobe Photoshop Elements (Editor) for Windows 5.0
Vulnerability Description A remote code execution vulnerability has been discovered in the way several Adobe products process PNG files. PNG (Portable Network Graphics) is a bitmapped image format that is used as an alternative to other image formats such as GIF and TIFF. By persuading a user to open a specially crafted PNG image file, an attacker may be able to execute arbitrary code on an affected system.
Vulnerability DetailsThe vulnerability is due to a boundary error in the PNG.8BI plugin in the Adobe Photoshop that fails to properly handle malformed PNG files. By convincing a user to visit a specially crafted HTML documents or open a malicious web page, a remote attacker could create a stack-based buffer overflow. Successful exploitation may allow execution of arbitrary code on a vulnerable system.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK